Ch5 System Security-NetworkSecurity

The document provides an overview of network security, focusing on internet security protocols such as S/MIME, DKIM, SSL, TLS, HTTPS, and IPSec, as well as authentication applications like Kerberos and X.509. It discusses the importance of these protocols in ensuring secure communication and data integrity over networks, particularly in the context of email and web transactions. Additionally, it highlights the unique security challenges posed by wireless networks and suggests measures to mitigate these risks.

Uploaded by

ETHIOPIA
Ch5 System Security

Network Security
• Contents:
• Internet security protocols and standards
• Internet authentication applications
• Wireless network security

Network Security
• Internet security protocols and standards
• The most widely used and important Internet security protocols and standards:
• Secure/Multipurpose Internet Mail Extensions (S/MIME)
• DomainKeys Identified Mail (DKIM)
• Secure Sockets Layer (SSL)
• Transport Layer Security (TLS)
• HTTPS
• IPSec (Internet Protocol Security)
Network Security -> Internet security protocols …
• Secure/Multipurpose Internet Mail Extensions (S/MIME)
• is a security enhancement to the MIME Internet e-mail format standard,
based on technology from RSA Data Security.
• MIME (an extension to the old RFC 822 specification) allows non-ASCII data to be sent
through SMTP. It allows users to exchange different kinds of data files on
the Internet: audio, video, images, and application programs as well.
• S/MIME is defined as a set of additional MIME content types and provides
the ability to sign and/or encrypt e-mail messages.
• Services it provides:
• Encryption – to protect the message (using e.g. 3DES or ElGamal)
• Digital signature – sender verification (using e.g. SHA with DSS, or SHA/MD5 with RSA)
• The process of digitally signing: compose the message -> hash it -> encrypt
(sign) the hash with the sender's private key -> attach the digital signature and the
sender's key to the message -> send the message -> the recipient validates the
signature using the sender's public key
Network Security -> Internet security protocols …
• DomainKeys Identified Mail (DKIM)
• is a specification for cryptographically signing e-mail messages, permitting a
signing domain to claim responsibility for a message in the mail stream.
• Message recipients (or agents acting on their behalf) can verify the signature
by querying the signer's domain for its public key.
• DKIM has been widely adopted by a range of e-mail providers, including
corporations, government agencies, Gmail, Yahoo, and many Internet service
providers (ISPs).
• How it differs from S/MIME; the motivation for DKIM:
• Most users do not use S/MIME
• S/MIME signs only the message content, not the headers (which can be compromised)
• DKIM is transparent to the user (it is not implemented in client programs)
• DKIM applies to all mail from cooperating domains.
• DKIM prevents forgers from masquerading as legitimate senders.
Network Security -> Internet security protocols …
• Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
• Secure Sockets Layer (SSL):
• Provides security services for the transport layer by enhancing it with confidentiality,
data integrity, server authentication, and client authentication.
• Supported by all web browsers and Web servers, and used by Gmail and
essentially all Internet commerce sites (including Amazon, eBay, and TaoBao). [https]
• Has three phases:
• Handshake – the client establishes a connection with the server, verifies the server, and sends the master
key
• Key derivation – generation of four keys (two for data encryption, two for verifying integrity)
• Data transfer – SSL breaks the data stream into records, appends a Message Authentication Code
(MAC) to each record for integrity checking, and then encrypts the record + MAC.
• The MAC is created by hashing the record with the sender's session MAC key
• To encrypt the package record + MAC, the sender uses its session encryption key
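The data-transfer phase described above (MAC each record with one session key, append the MAC, encrypt record + MAC with the other), as an added Go example that is not part of the slides. It assumes the two keys for one direction have already come out of the key-derivation phase, and uses HMAC-SHA256 and AES-128-CTR as stand-ins for the SSL-era algorithms.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// mac is HMAC-SHA256: the slide's "hash the record with the session MAC key".
func mac(key, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)
}

// xorCTR applies AES-128-CTR to src, writing the result into dst.
func xorCTR(key, iv, dst, src []byte) {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // a 16-byte AES-128 key is expected here
	}
	cipher.NewCTR(block, iv).XORKeyStream(dst, src)
}

// ProtectRecord (sender): MAC the record, append the MAC, encrypt record+MAC; the random IV is prepended.
func ProtectRecord(encKey, macKey, record []byte) []byte {
	plain := append(append([]byte{}, record...), mac(macKey, record)...)
	out := make([]byte, aes.BlockSize+len(plain))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil {
		panic(err)
	}
	xorCTR(encKey, out[:aes.BlockSize], out[aes.BlockSize:], plain)
	return out
}

// OpenRecord (receiver): decrypt, split off the MAC, recompute and compare in constant time.
func OpenRecord(encKey, macKey, wire []byte) ([]byte, error) {
	if len(wire) < aes.BlockSize+sha256.Size {
		return nil, errors.New("record too short")
	}
	plain := make([]byte, len(wire)-aes.BlockSize)
	xorCTR(encKey, wire[:aes.BlockSize], plain, wire[aes.BlockSize:])
	n := len(plain) - sha256.Size
	if !hmac.Equal(mac(macKey, plain[:n]), plain[n:]) {
		return nil, errors.New("MAC check failed: record altered or wrong key")
	}
	return plain[:n], nil
}
```

Real SSL/TLS also covers a sequence number and the record header in the MAC, and TLS 1.3 replaced this MAC-then-encrypt layout with AEAD ciphers; the block shows the structure the slide describes.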
Network Security -> Internet security protocols …
• Transport Layer Security (TLS)
• TLS evolved from SSL and is used for secure web browsing
• TLS is designed to make use of TCP to provide a reliable end-to-end secure
service.
• TLS is not a single protocol but rather two layers of protocols (the layering figure is not reproduced here):
• The Record Protocol provides basic security services to various higher-layer
protocols (e.g. HTTP)
• The Handshake Protocol, the Change Cipher Spec Protocol, and the Alert Protocol,
which are parts of TLS, are used in the management of TLS exchanges
Network Security -> Internet security protocols …
• Transport Layer Security (TLS)
• Connection: a transient, peer-to-peer relationship, associated with one session
• Session: an association between client and server; created by the Handshake Protocol;
defines a set of cryptographic security parameters shared among multiple
connections; avoids the expensive negotiation of new parameters for each connection
• TLS protocols:
• Record Protocol – provides two services for SSL/TLS connections:
• Confidentiality: the Handshake Protocol defines a shared secret key that is used for
symmetric encryption of SSL/TLS payloads.
• Message integrity: the Handshake Protocol also defines a shared secret key that is used
to form a message authentication code (MAC).
• Change Cipher Spec Protocol – a single-byte message with value 1 that causes the pending
state to be copied into the current state, which updates the cipher suite to be used on this
connection.

• READING: other protocols: Alert, Handshake, Heartbeat


Network Security -> Internet security protocols …
• SSL/TLS Attacks
• SSL/TLS exhaustion attack – overwhelms a system's ability to communicate;
can lead to data loss and service disruption
• SSL downgrade attack – an attacker intentionally drops the connection
protocol or algorithm to an older, less secure version. This allows attackers to
steal data such as financial information.
• SSL stripping attack – an attacker intercepts requests between a user and a
server, eliminating the protection provided by SSL/TLS. This can lead to
credential theft, sensitive data exposure, and phishing sites.
• MITM (man-in-the-middle) – an attacker tries to extract personal information like login
credentials and credit card details. This can be done by stealing a website's
server key, compromising the issuing Certificate Authority (CA), or injecting a
fake CA into the client.
• Session hijacking – an attacker gains unauthorized access to a session key or
ID, allowing them to steal data or make transactions without the user's
consent.
Network Security -> Internet security protocols -> HTTPS
• HTTPS is a combination of HTTP and SSL to implement secure
communication between a Web browser and a Web server.
• The HTTPS capability is built into all modern Web browsers. Its use
depends on the Web server supporting HTTPS communication.
• Addresses begin with https:// rather than http://; the port used is 443
• When HTTPS is used, the following elements of the communication
are encrypted:
• URL of the requested document
• Contents of the document
• Contents of browser forms (filled in by the browser user)
• Cookies sent from browser to server and from server to browser
• Contents of the HTTP header
Network Security -> Internet security protocols -> HTTPS
• HTTPS -> Connection Initiation:
• The HTTP client also acts as the TLS client; it initiates a connection to the server on
the appropriate port and then sends the TLS ClientHello to begin the TLS
handshake.
• The client may then initiate the first HTTP request.
• All HTTP data is to be sent as TLS application data.
• HTTPS -> Connection Closure:
• An HTTP client or server can indicate the closing of a connection by including
the following line in an HTTP record: Connection: close, which
indicates that the connection will be closed after this record is delivered.
• The closure of an HTTPS connection requires that TLS close the connection
with the peer TLS entity on the remote side, which will involve closing the
underlying TCP connection.
• At the TLS level, the proper way to close a connection is for each side to use
the TLS Alert Protocol to send a close_notify alert.
Network Security -> Internet security protocols -> IPSec
• IPSec (Internet Protocol Security): uses encryption and authentication to
protect IP network packets; also enables VPNs
• It provides authentication, integrity, and data privacy between any two IP entities.
• Provides the capability to secure communications across a LAN, a WAN and the Internet
• Principal feature: it can encrypt and/or authenticate all traffic at the IP level.
• IPsec can play a vital role in the routing architecture required for internetworking.
• To provide security, IPSec uses two main protocols:
• AH (Authentication Header) – verifies whether data comes from a trusted source and hasn't
been changed
• ESP (Encapsulating Security Payload) – performs authentication and encryption of data

IPSec datagram format (figure not reproduced): SPI – Security Parameter Index

Network Security -> Internet authentication applications

• Internet authentication applications support network-based authentication and digital signatures
• They include:
• Kerberos
• X.509

• Kerberos:
• a computer network authentication protocol that verifies users' identities and protects
their data. It is used to secure access to applications and services over networks
Network Security -> Internet authentication applications
• X.509:
• Recall that a certificate links a public key with the identity of the key's owner, with the whole
block signed by a trusted third party.
• Typically, the third party is a certificate authority (CA) that is trusted by the user
community
• X.509 is the most widely accepted format for public-key certificates.
• X.509 certificates are used in most network security applications

X.509 elements (figure not reproduced).
Network Security -> Wireless network security

• Wireless network security:
• Wireless networks, and the wireless devices that use them, introduce a host
of security problems over and above those found in wired networks.
• Factors contributing to the higher risk:
• Channel – since it is broadcast, it is susceptible to eavesdropping and jamming
• Mobility – mobile devices
• Limited resources – devices cannot counter threats easily
• Accessibility – devices in unattended/remote locations are more exposed
• Wireless network threats: association (accidental, malicious), ad hoc networks, PANs,
identity theft (MAC spoofing), MITM, DoS, network injection
• Wireless security measures:
• Securing transmission – signal hiding, encryption of all transmissions
• Securing wireless APs – port-based network access control using IEEE 802.1X
• Device security – auto-lock, PIN, avoiding autocomplete, enabling SSL, antivirus, …
Readings:
• Device security elements
• IEEE 802.11i Wireless LAN security

Next:
• Management Issues
• Quiz 2
• Assignment 2
